
The Hunters International Ransomware-as-a-Service (RaaS) operation is shutting down and rebranding with plans to switch to data theft and extortion-only attacks.
As threat intelligence firm Group-IB revealed this week, the cybercrime group remained active despite announcing on November 17, 2024, that it was shutting down due to declining profitability and increased government scrutiny.
The group then launched a new extortion-only operation known as "World Leaks" on January 1, 2025.
"From the administrator's perspective, ransomware is no longer profitable and risky. The criminals collaborating with the group will be provided with a purportedly self-developed exfiltration tool designed to automate the process of data exfiltration in the victims' networks," Group-IB said on Wednesday. "Unlike Hunters International, which combined encryption with extortion, World Leaks operates as an extortion-only group using a custom-built exfiltration tool."
The new tool seems to be an upgraded variant of the Storage Software exfiltration tool that Hunters International's ransomware affiliates also use.

Hunters International surfaced in late 2023 and was flagged as a possible rebrand of Hive because of code similarities. Its ransomware targets a wide range of platforms, including Windows, Linux, FreeBSD, SunOS, and ESXi (VMware servers), and it also supports x64, x86, and ARM architectures.
Since its emergence, this ransomware gang has claimed over 280 attacks against organizations worldwide, making it one of the most active ransomware operations.
Notable victims claimed by Hunters International include Tata Technologies, North American automobile dealership AutoCanada, U.S. Marshals Service, Japanese optics giant Hoya, U.S. Navy contractor Austal USA, and Oklahoma's largest not-for-profit health network, Integris Health.
Hunters International also breached the Fred Hutch Cancer Center in December, threatening to leak the stolen data of over 800,000 cancer patients if they weren't paid.